how can I modify the network packet payload? - Networking


  1. how can I modify the network packet payload?

    I captured the packets I'm sending out by "iptables -A OUTPUT -j
    QUEUE"
    And use C code with libipq to parse the packet structure, and change
    every character into '!' as below:

    ipq_packet_msg_t *m = ipq_get_packet(buf);
    struct iphdr *iph = ((struct iphdr *)m->payload);
    struct tcphdr *tcp = (struct tcphdr *)(m->payload + (iph->ihl << 2));
    payload_offset = ((iph->ihl << 2) + (tcp->doff << 2));
    payload_length = (unsigned int) ntohs(iph->tot_len) - ((iph->ihl << 2) + (tcp->doff << 2));
    iphdr_size = (iph->ihl << 2);
    tcphdr_size = (tcp->doff << 2);
    port = ntohs(tcp->dest);
    if (payload_length) {
        int i;
        for (i = 0; i < payload_length; i++)
            *(m->payload + payload_offset + i) = '!';
    }

    however, the packets sending out is still the original string, not the
    one with all '!' string. what should I do to change the payload of the
    tcp packet?

    Thank you

  2. Re: how can I modify the network packet payload?

    On Oct 22, 8:42 pm, jimmy wrote:
    > I captured the packets I'm sending out by "iptables -A OUTPUT -j
    > QUEUE"
    > And use C code with libipq to parse the packet structure, and change
    > every character into '!' as below:
    >
    > ipq_packet_msg_t *m = ipq_get_packet(buf);
    > struct iphdr *iph = ((struct iphdr *)m->payload);
    > struct tcphdr *tcp = (struct tcphdr *)(m->payload + (iph->ihl << 2));
    > payload_offset = ((iph->ihl << 2) + (tcp->doff << 2));
    > payload_length = (unsigned int) ntohs(iph->tot_len) - ((iph->ihl << 2)
    > + (tcp->doff << 2));
    > iphdr_size = (iph->ihl << 2);
    > tcphdr_size = (tcp->doff << 2);
    > port = ntohs(tcp->dest);
    > if (payload_length) {
    >     int i;
    >     for (i = 0; i < payload_length; i++)
    >         *(m->payload + payload_offset + i) = '!';
    >
    > }
    >
    > however, the packets sending out is still the original string, not the
    > one with all '!' string. what should I do to change the payload of the
    > tcp packet?
    >
    > Thank you


    Do you call ipq_set_verdict? Do you fix the checksum?

    DS

  3. Re: how can I modify the network packet payload?

    On Oct 23, 1:48 pm, David Schwartz wrote:
    > On Oct 22, 8:42 pm, jimmy wrote:
    >
    >
    >
    > > I captured the packets I'm sending out by "iptables -A OUTPUT -j
    > > QUEUE"
    > > And use C code with libipq to parse the packet structure, and change
    > > every character into '!' as below:

    >
    > > ipq_packet_msg_t *m = ipq_get_packet(buf);
    > > struct iphdr *iph = ((struct iphdr *)m->payload);
    > > struct tcphdr *tcp = (struct tcphdr *)(m->payload + (iph->ihl << 2));
    > > payload_offset = ((iph->ihl << 2) + (tcp->doff << 2));
    > > payload_length = (unsigned int) ntohs(iph->tot_len) - ((iph->ihl << 2)
    > > + (tcp->doff << 2));
    > > iphdr_size = (iph->ihl << 2);
    > > tcphdr_size = (tcp->doff << 2);
    > > port = ntohs(tcp->dest);
    > > if (payload_length) {
    > > int i;
    > > for (i = 0; i < payload_length; i++)
    > > *(m->payload + payload_offset + i) = '!';

    >
    > > }

    >
    > > however, the packets sending out is still the original string, not the
    > > one with all '!' string. what should I do to change the payload of the
    > > tcp packet?

    >
    > > Thank you

    >
    > Do you call ipq_set_verdict? Do you fix the checksum?
    >
    > DS


    yeah I use the ipq_set_verdict as below:
    status = ipq_set_verdict(h, m->packet_id, NF_ACCEPT, 0, NULL);

    if (status < 0)
        die(h);

    But I didn't change the checksum of packet header, since I didn't
    change the header.
    I don't know how to change the payload's checksum.

    I'm wondering whether the ipq_set_mode is the problem since I use
    IPQ_COPY_PACKET. I don't know if there are other options.
    I use the following lines in front of the previous code.
    h = ipq_create_handle(0, PF_INET);
    if (!h)
        die(h);
    status = ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE);
    if (status < 0)
        die(h);

    Can any one give some hints?

    Thank you

  4. Re: how can I modify the network packet payload?

    On Oct 23, 7:00 am, jimmy wrote:

    > yeah I use the ipq_set_verdict as below:
    > status = ipq_set_verdict(h, m->packet_id, NF_ACCEPT, 0, NULL);


    Umm, no wonder. You modified your copy of the packet data, but never
    did anything with the modified data!

    > I'm wondering whether the ipq_set_mode is the problem since I use
    > IPQ_COPY_PACKET. I don't know if there are other options.
    > I use the following the lines in front of the previous codes.
    > h = ipq_create_handle(0, PF_INET);
    > if (!h)
    >     die(h);
    > status = ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE);
    > if (status < 0)
    >     die(h);
    >
    > Can any one give some hints?


    1) You got a copy of the packet.

    2) You modified your copy.

    3) You didn't do anything with your copy.

    Read the docs for ipq_set_verdict carefully.

    DS

  5. Re: how can I modify the network packet payload?

    On Oct 24, 7:13 am, David Schwartz wrote:
    > On Oct 23, 7:00 am, jimmy wrote:
    >
    > > yeah I use the ipq_set_verdict as below:
    > > status = ipq_set_verdict(h, m->packet_id, NF_ACCEPT, 0, NULL);

    >
    > Umm, no wonder. You modified your copy of the packet data, but never
    > did anything with the modified data!
    >
    > > I'm wondering whether the ipq_set_mode is the problem since I use
    > > IPQ_COPY_PACKET. I don't know if there are other options.
    > > I use the following the lines in front of the previous codes.
    > > h = ipq_create_handle(0, PF_INET);
    > > if (!h)
    > > die(h);
    > > status = ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE);
    > > if (status < 0)
    > > die(h);

    >
    > > Can any one give some hints?

    >
    > 1) You got a copy of the packet.
    >
    > 2) You modified your copy.
    >
    > 3) You didn't do anything with your copy.
    >
    > Read the docs for ipq_set_verdict carefully.
    >
    > DS



    Yeah. It works. Thank you very much

  6. Re: how can I modify the network packet payload?

    On Oct 24, 7:13 am, David Schwartz wrote:
    > On Oct 23, 7:00 am, jimmy wrote:
    >
    > > yeah I use the ipq_set_verdict as below:
    > > status = ipq_set_verdict(h, m->packet_id, NF_ACCEPT, 0, NULL);

    >
    > Umm, no wonder. You modified your copy of the packet data, but never
    > did anything with the modified data!
    >
    > > I'm wondering whether the ipq_set_mode is the problem since I use
    > > IPQ_COPY_PACKET. I don't know if there are other options.
    > > I use the following the lines in front of the previous codes.
    > > h = ipq_create_handle(0, PF_INET);
    > > if (!h)
    > > die(h);
    > > status = ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE);
    > > if (status < 0)
    > > die(h);

    >
    > > Can any one give some hints?

    >
    > 1) You got a copy of the packet.
    >
    > 2) You modified your copy.
    >
    > 3) You didn't do anything with your copy.
    >
    > Read the docs for ipq_set_verdict carefully.
    >
    > DS



    Sorry. It has some new problem.

    The packet data is changed when I send and receive both on the
    localhost. The tcp packets are changed, sent and recv all through
    127.0.0.1. It works well on the same laptop.

    But when I send and recv at different laptop through ad hoc network,
    the receiver cannot receive anything. At the sender side, the packets
    seem changed and sent out. And after 6 or 7 packets sent out, the
    sender seems hanged there and will not send any more packets.

    I impose the iptable to capture the OUTPUT tcp packet at the sender
    side.

    I only change the tcp data with the condition of my defined string,
    like the data has a string of "today" (then I change only the "today"
    string). I'm not sure whether the capture and modification process
    stops any tcp communication packets which help to maintain the tcp
    connection.

    Does anybody have an idea why the receiver cannot receive the
    modified packet?

  7. Re: how can I modify the network packet payload?

    On Oct 29, 8:52 pm, jimmy wrote:

    > The packet data is changed when I send and receive both on the
    > localhost. The tcp packets are changed, sent and recv all through
    > 127.0.0.1. It works well on the same laptop.


    > But when I send and recv at different laptop through ad hoc network,
    > the receiver cannot receive anything. At the sender side, the packets
    > seem changed and sent out. And after 6 or 7 packets sent out, the
    > sender seems hanged there and will not send any more packets.


    I believe that you need to update the checksum.

    DS

  8. Re: how can I modify the network packet payload?

    David Schwartz wrote:
    > I believe that you need to update the checksum.


    And may need to do so differently if the NIC in use will be using
    ChecKsum Offload (CKO).

    rick jones
    --
    portable adj, code that compiles under more than one compiler
    these opinions are mine, all mine; HP might not want them anyway...
    feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

  9. Re: how can I modify the network packet payload?

    On Oct 30, 6:17 pm, David Schwartz wrote:
    > On Oct 29, 8:52 pm, jimmy wrote:
    >
    > > The packet data is changed when I send and receive both on the
    > > localhost. The tcp packets are changed, sent and recv all through
    > > 127.0.0.1. It works well on the same laptop.
    > > But when I send and recv at different laptop through ad hoc network,
    > > the receiver cannot receive anything. At the sender side, the packets
    > > seem changed and sent out. And after 6 or 7 packets sent out, the
    > > sender seems hanged there and will not send any more packets.

    >
    > I believe that you need to update the checksum.
    >
    > DS



    Yeah. It's really the TCP checksum problem.

    I found these links. Hope they may be helpful to the others.

    http://sysnet.ucsd.edu/~cfleizac/iptcphdr.html
    http://www.tcpipguide.com/free/t_TCP...doHeader-2.htm
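
The checksum fix that posts 7 to 9 arrive at, as an added example that is not part of the thread: it recomputes the TCP checksum (pseudo-header plus segment) over a raw IPv4 buffer such as libipq's m->payload after the payload has been edited. The sample packet is constructed and the function names are hypothetical; the edited buffer still has to be handed back to the kernel through ipq_set_verdict's data_len and buf arguments (the thread's calls pass 0 and NULL).

```c
/* Added example, not from the thread; function names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static const uint8_t SAMPLE_PKT[45] = {  /* constructed: "today" to 10.0.0.2:80 */
    0x45,0x00,0x00,0x2d, 0x00,0x00,0x40,0x00, 0x40,0x06,0x00,0x00,
    0x0a,0x00,0x00,0x01, 0x0a,0x00,0x00,0x02,             /* IPv4 header */
    0x30,0x39,0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x18,0x20,0x00, 0x00,0x00,0x00,0x00, 't','o','d','a','y' };

/* Add big-endian 16-bit words to acc; an odd last byte is zero-padded. */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t acc) {
    for (; len > 1; p += 2, len -= 2) acc += ((uint32_t)p[0] << 8) | p[1];
    if (len) acc += (uint32_t)p[0] << 8;
    return acc;
}
/* Folded one's-complement sum of pseudo-header + TCP segment, -1 if malformed. */
static long tcp_sum(const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4, tot = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || tot > len || tot < ihl + 20) return -1;
    uint32_t acc = sum16(pkt + 12, 8, 0);          /* source + destination IP */
    acc += 6 + (uint32_t)(tot - ihl);              /* protocol + TCP length   */
    acc = sum16(pkt + ihl, tot - ihl, acc);        /* TCP header + payload    */
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (long)acc;
}
/* A packet verifies when the sum, checksum field included, is 0xffff. */
int tcp_checksum_ok(const uint8_t *pkt, size_t len) { return tcp_sum(pkt, len) == 0xffff; }

/* Zero the checksum field, recompute, store in network byte order. */
int fix_tcp_checksum(uint8_t *pkt, size_t len) {
    if (tcp_sum(pkt, len) < 0) return -1;
    uint8_t *ck = pkt + (size_t)(pkt[0] & 0x0f) * 4 + 16;
    ck[0] = ck[1] = 0;
    uint16_t c = (uint16_t)~tcp_sum(pkt, len);
    ck[0] = (uint8_t)(c >> 8); ck[1] = (uint8_t)c;
    return 0;
}

int main(void) {
    uint8_t p[sizeof SAMPLE_PKT];
    memcpy(p, SAMPLE_PKT, sizeof p);
    fix_tcp_checksum(p, sizeof p);
    memset(p + 40, '!', 5);            /* payload edited: checksum now stale */
    printf("stale ok=%d\n", tcp_checksum_ok(p, sizeof p));
    fix_tcp_checksum(p, sizeof p);
    printf("fixed ok=%d\n", tcp_checksum_ok(p, sizeof p));
}
```

The checksum is computed fully in software; the checksum-offload case raised in post 8 is not handled.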

